• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.107-109
• /
• 2022

This paper proposes a new security system to detect cyber-attacks based on message authentication in a in-vehicle network. In the in-vehicle network, when a sending node transmits messages in a broadcast manner, it only uses a message identifier, rather than a node's identifier. It leads to a problem not identifying the source. In the proposed system, the sending node generates a message authentication code (MAC) using a cryptographic hash function to the control data and transmits it with the control data. When generating the MAC for each message, a multidimensional chaotic map is applied to increase the randomness of the result. The receiving node compares its MAC generated from the control data in the received message with the MAC of the received message to detect whether the message transmitted from the sending node is forged or not. We evaluate the performance of the proposed system by using CANoe and CAPL (Communication Access Programming Language). Our system shows a 100% of detection rate against cyber-attacks injected.

• Journal of IKEEE
• /
• v.24 no.2
• /
• pp.669-672
• /
• 2020

In this paper, we analyzed the characteristics of cyber attacks and major threat scenarios that could occur around intelligent building management Systems(IBS) by cyber attack security threats against cyber physics systems. Generally determined that lowering the likelihood of aggression against predictable threats would be a more realistic approach to attack response. The countermeasures against this need to be applied to multi-layered defense systems, and three alternatives were proposed: preliminary cyber safety diagnosis for protection targets and the establishment of mobile security control systems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.449-451
• /
• 2015

When cyber attacks are discovered in nuclear facilities, licensees are required to notify regulatory organizations for quick action. This also helps regulatory organizations to strengthen regulatory capabilities for cyber security. Currently the U.S. issued the final draft rule for Cyber Security Event Notifications. Domestic regulatory activities being at an early stage for cyber security need to implement law for Cyber Security Event Notifications. Since the current laws are focused on the aspect of safety, they are in need of more specific laws for cyber security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.465-472
• /
• 2019

In recent years, the cyber attack has become a universal phenomenon, and the attacks in cyberspace are regarded as a kind of war, cyber-warfare. However, cyber-warfare is difficult to identify the damage caused by the attack. In order to effectively evaluate the damage to the attack that may occur in the cyber-warfare, this paper describes the damage evaluation simulation of the cyber-warfare based on DEVSim++, which can calculate the damage to the cyber attack using the MOCE (Measure of Cyber Effectiveness). Also, in order to help the commander in the cyber Command&Control phase, the number of victims by attack classification is expressed in the form of Venn diagram.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.49-57
• /
• 2010

We extended a general attack tree to apply cyber attack model for network vulnerability analysis. We defined an extended cyber attack tree (E-CAT) which extends the general attack tree by associating each node of the tree with a transition of attack that could have contributed to the cyber attack. The E-CAT resolved the limitation that a general attack tree can not express complex and sophisticate attacks. Firstly, the Boolean expression can simply express attack scenario with symbols and codes. Secondary, An Attack Generation Probability is used to select attack method in an attack tree. A CONDITION-composition can express new and modified attack transition which a aeneral attack tree can not express. The E-CAT is possible to have attack's flexibility and improve attack success rate when it is applied to cyber attack model.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.29-36
• /
• 2022

Smart grid (SG) software platforms and communication networks that run and manage the entire grid are increasingly concerned about cyber security. Characteristics of the smart grid networks, including heterogeneity, time restrictions, bandwidth, scalability, and other factors make it difficult to secure. The age-old strategy of "building bigger walls" is no longer sufficient given the rise in the quantity and size of cyberattacks as well as the sophisticated methods threat actor uses to hide their actions. Cyber security experts utilize technologies and procedures to defend IT systems and data from intruders. The primary objective of every organization's cybersecurity team is to safeguard data and information technology (IT) infrastructure. Consequently, further research is required to create guidelines and methods that are compatible with smart grid security. In this study, we have discussed objectives of of smart grid security, challenges of smart grid security, defensive cybersecurity techniques, offensive cybersecurity techniques and open research challenges of cybersecurity.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.3
• /
• pp.91-98
• /
• 2021

Today's information and communication technology is rapidly developing, the security of IT infrastructure is becoming more important, and at the same time, cyber attacks of various forms are becoming more advanced and sophisticated like intelligent persistent attacks (Advanced Persistent Threat). Early defense or prediction of increasingly sophisticated cyber attacks is extremely important, and in many cases, the analysis of network-based intrusion detection systems (NIDS) related data alone cannot prevent rapidly changing cyber attacks. Therefore, we are currently using data generated by intrusion detection systems to protect against cyber attacks described above through Host-based Intrusion Detection System (HIDS) data analysis. In this paper, we conducted a comparative study on machine learning algorithms using LID-DS (Leipzig Intrusion Detection-Data Set) host-based intrusion detection data including thread information, metadata, and buffer data missing from previously used data sets. The algorithms used were Decision Tree, Naive Bayes, MLP (Multi-Layer Perceptron), Logistic Regression, LSTM (Long Short-Term Memory model), and RNN (Recurrent Neural Network). Accuracy, accuracy, recall, F1-Score indicators and error rates were measured for evaluation. As a result, the LSTM algorithm had the highest accuracy.

• Journal of Advanced Navigation Technology
• /
• v.21 no.6
• /
• pp.633-637
• /
• 2017

Cyber attacks on aircraft and aeronautical networks are not much different from cyber attacks commonly found in the ground industry. Air traffic management infrastructure is being transformed into a digital infrastructure to secure air traffic. A wide variety of communication environments, information and communications, navigation, surveillance and inflight entertainment systems are increasingly threatening the threat posed by cyber terrorism threats. The emergence of unmanned aircraft systems also poses an uncontrollable risk with cyber terrorism. We have analyzed cyber security standards and response strategies in developed countries by recognizing the vulnerability of cyber threats to aircraft systems and aviation infrastructure in next generation data network systems. We discussed comprehensive measures for cybersecurity policies to consider in the domestic aviation environment, and discussed the concept of security environment and quick response strategies.

• Journal of the Korea Convergence Society
• /
• v.9 no.7
• /
• pp.55-62
• /
• 2018

Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.507-522
• /
• 2014

Domestic CERTs are carrying out monitoring and response against cyber attacks using security devices(e.g., IDS, TMS, etc) based on signatures. Particularly, in case of public and research institutes, about 30 security monitoring and response centers are being operated under National Cyber Security Center(NCSC) of National Intelligence Service(NIS). They are mainly using Threat Management System(TMS) for providing security monitoring and response service. Since TMS raises a large amount of security events and most of them are not related to real cyber attacks, security analyst who carries out the security monitoring and response suffers from analyzing all the TMS events and finding out real cyber attacks from them. Also, since the security monitoring and response tasks depend on security analyst's know-how, there is a fatal problem in that they tend to focus on analyzing specific security events, so that it is unable to analyze and respond unknown cyber attacks. Therefore, we propose automated verification method of security events based on their empirical analysis to improve performance of security monitoring and response.